Issue #1272 - SSP refuses to use temp dir if it doesn't own it, even though it...

Issue #1272 - SSP refuses to use temp dir if it doesn't own it, even though it can write to it (#1314) * Issue #1272 - SSP refuses to use temp dir if it doesn't own it, even though it can write to it This has been addressed using the is_writable function instead of checking for UID, which only works in a Linux environment Co-authored-by: Aaron St. Clair <astclair@ecrs.com>

Issue #1272 - SSP refuses to use temp dir if it doesn't own it, even though it...
c81d33fc · Aaron St. Clair · GitHub · 40509a8b · c81d33fc · c81d33fc
Unverified Commit c81d33fc authored 5 years ago by Aaron St. Clair Committed by GitHub 5 years ago
--- a/lib/SimpleSAML/Utils/System.php
+++ b/lib/SimpleSAML/Utils/System.php
@@ -67,12 +67,13 @@ class System
     * This function retrieves the path to a directory where temporary files can be saved.
     *
     * @return string Path to a temporary directory, without a trailing directory separator.
-     * @throws Error\Exception If the temporary directory cannot be created or it exists and does not belong
+     * @throws Error\Exception If the temporary directory cannot be created or it exists and cannot be written
-     * to the current user.
+     * to by the current user.
     *
     * @author Andreas Solberg, UNINETT AS <andreas.solberg@uninett.no>
     * @author Olav Morken, UNINETT AS <olav.morken@uninett.no>
     * @author Jaime Perez, UNINETT AS <jaime.perez@uninett.no>
+     * @author Aaron St. Clair, ECRS AS <astclair@ecrs.com>
     */
    public static function getTempDir(): string
    {
@@ -86,6 +87,10 @@ class System
            DIRECTORY_SEPARATOR
        );
+        /**
+         * If the temporary directory does not exist then attempt to create it. If the temporary directory
+         * already exists then verify the current user can write to it. Otherwise, throw an error.
+         */
        if (!is_dir($tempDir)) {
            if (!mkdir($tempDir, 0700, true)) {
                $error = error_get_last();
@@ -94,14 +99,12 @@ class System
                    (is_array($error) ? $error['message'] : 'no error available')
                );
            }
-        } elseif (function_exists('posix_getuid')) {
+        } elseif (!is_writable($tempDir)) {
-            // check that the owner of the temp directory is the current user
+            throw new Error\Exception(
-            $stat = lstat($tempDir);
+                'Temporary directory "' . $tempDir .
-            if ($stat['uid'] !== posix_getuid()) {
+                '" cannot be written to by the current user' .
-                throw new Error\Exception(
+                (function_exists('posix_getuid') ? ' "' .  posix_getuid() . '"' : '')
-                    'Temporary directory "' . $tempDir . '" does not belong to the current user.'
+            );
-                );
-            }
        }
        return $tempDir;

--- a/tests/lib/SimpleSAML/Utils/SystemTest.php
+++ b/tests/lib/SimpleSAML/Utils/SystemTest.php
@@ -267,23 +267,16 @@ class SystemTest extends TestCase
    /**
-     * @requires OS Linux
     * @covers \SimpleSAML\Utils\System::getTempDir
     * @test
     * @return void
     */
-    public function testGetTempDirBadOwner()
+    public function testGetTempDirBadPermissions()
    {
-        if (!function_exists('posix_getuid')) {
-            static::markTestSkipped('POSIX-functions not available;  skipping!');
-        }
-        $bad_uid = posix_getuid() + 1;
        $tempdir = $this->root_directory . DIRECTORY_SEPARATOR . self::DEFAULTTEMPDIR;
        $config = $this->setConfigurationTempDir($tempdir);
-        chown($tempdir, $bad_uid);
+        chmod($tempdir, 0440);
        $this->expectException(\SimpleSAML\Error\Exception::class);
        System::getTempDir();